The main activity of the course is a project where students independently attack a corporate computer network with the aim of exfiltrating specific information. The network is rigged by the course responsibles in a virtual environment. To carry out the attack, the students are free to use their imagination and tools available on Internet. Tools for network and vulnerability scanning, platforms for exploit development, command and control, passwork creacking, etc. are presented during the course, but students are free to employ methods and tools of their own choice.
EN2720 Ethical Hacking 7.5 credits
In this course, you will learn penetration testing, i.e.cybersecurity assessment of computer networks by offensive methods. These methods aim to find and exploit vulnerabilities in software systems. The main project of the course is rigged as a game, where you are required to explore and exploit a virtual computer network in order to exfiltrate specific pieces of data.
While the course formally only requires the completion of an introductory programming course, it is strongly recommended that you are also comfortable with networking and operating systems.
Information per course offering
Choose semester and course offering to see current information and more about the course, such as course syllabus, study period, and application information.
Information for Autumn 2025 Start 25 Aug 2025 programme students
- Course location
KTH Campus
- Duration
- 25 Aug 2025 - 24 Oct 2025
- Periods
- P1 (7.5 hp)
- Pace of study
50%
- Application code
50006
- Form of study
Normal Daytime
- Language of instruction
English
- Course memo
- Course memo is not published
- Number of places
Places are not limited
- Target group
Open for all programmes as long as it can be included in your programme.
- Planned modular schedule
- [object Object]
- Schedule
- Schedule is not published
- Part of programme
Degree Programme in Computer Engineering, åk 3, DPU2, Conditionally Elective
Degree Programme in Computer Engineering, åk 3, SAIN, Recommended
Degree Programme in Electronics and Computer Engineering, åk 3, Recommended
Degree Programme in Engineering and Economics, åk 2, TIEL, Conditionally Elective
Degree Programme in Engineering and Economics, åk 3, TIDA, Conditionally Elective
Degree Programme in Engineering and Economics, åk 3, TIED, Conditionally Elective
Master of Science in Engineering and in Education, åk 4, TEDA, Conditionally Elective
Master of Science in Engineering and in Education, åk 5, TEDA, Conditionally Elective
Master's Programme, Communication Systems, åk 2, ITE, Recommended
Master's Programme, Communication Systems, åk 2, SMK, Recommended
Master's Programme, Communication Systems, åk 2, TRN, Recommended
Master's Programme, Cybersecurity, åk 1, Mandatory
Master's Programme, Information and Network Engineering, åk 1, Recommended
Master's Programme, Information and Network Engineering, åk 1, NWS, Recommended
Master's Programme, Information and Network Engineering, åk 2, Recommended
Master's Programme, Information and Network Engineering, åk 2, NWS, Recommended
Contact
Pontus Johnson
Course syllabus as PDF
Please note: all information from the Course syllabus is available on this page in an accessible format.
Course syllabus EN2720 (Autumn 2024–)Content and learning outcomes
Course contents
Intended learning outcomes
After passing the course, the student should, at an introductory level, be able to
- establish resources to support offensive security operations
- perform reconnaissance and discovery to plan operations
- access credentials, such as account names, passwords and access tokens
- achieve initial access to networks and systems
- execute malicious code on remote devices
- establish command and control capabilities to communicate with compromised systems
- elevate privileges on systems to gain higher-level permissions
- persist on networks by maintaining access across interruptions
- move laterally, pivoting through the computing environment
- avoid detection by network defenders
- collect and exfiltrate data from computing environments
- assess the security of computer systems, applications, and services
- carry out legal and ethical security testing.
This will provide students with a practical understanding of the capabilities and possibilities of an attacker, in order to evaluate the cybersecurity of computer networks.
Literature and preparations
Specific prerequisites
Knowledge and skills in basic programming, 6 credits, corresponding to completed course DD1310-DD1319/DD1321/DD1331/DD1337/DD100N/ID1018.
Recommended prerequisites
We strongly recommend that you have some familiarity with communication networks (for example EP1100 Data communication and computer networks) and operating systems (for example ID1206 Operating systems). If you do not, please plan for significantly a higher course load than otherwise expected.
Equipment
Literature
Examination and completion
If the course is discontinued, students may request to be examined during the following two academic years.
Grading scale
Examination
- INL2 - Home assignment, 0.5 credits, grading scale: P, F
- PRO2 - Project assignment, 6.5 credits, grading scale: A, B, C, D, E, FX, F
- TEN2 - Written exam, 0.5 credits, grading scale: P, F
Based on recommendation from KTH’s coordinator for disabilities, the examiner will decide how to adapt an examination for students with documented disability.
The examiner may apply another examination format when re-examining individual students.
Opportunity to complete the requirements via supplementary examination
Opportunity to raise an approved grade via renewed examination
Examiner
Ethical approach
- All members of a group are responsible for the group's work.
- In any assessment, every student shall honestly disclose any help received and sources used.
- In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.
Further information
Course room in Canvas
Offered by
Main field of study
Education cycle
Add-on studies
Contact
Transitional regulations
The earlier written assignment INL1 has been replaced by INL2.
The earlier project PROA has been replaced by PRO2 and TEN2.
Supplementary information
In this course, the EECS code of honor applies, see:
http://www.kth.se/en/eecs/utbildning/hederskodex.